Load, statistics and messages

The following commands are useful to find out what is going on on the system.

# top # display and update the top cpu processes

# mpstat 1 # display processors related statistics

# vmstat 2 # display virtual memory statistics

# iostat 2 # display I/O statistics (2 s intervals)

# systat -vmstat 1 # BSD summary of system statistics (1 s intervals)

# systat -tcp 1 # BSD tcp connections (try also -ip)

# systat -netstat 1 # BSD active network connections

# systat -ifstat 1 # BSD network traffic through active interfaces

# systat -iostat 1 # BSD CPU and and disk throughput

# tail -n 500 /var/log/messages # Last 500 kernel/syslog messages

# tail /var/log/warn # System warnings messages see syslog.conf

Users

# id # Show the active user id with login and group

# last # Show last logins on the system

# who # Show who is logged on the system

# groupadd admin # Add group “admin” and user colin (Linux/Solaris)

# useradd -c “Colin Barschel” -g admin -m colin

# usermod -a -G <group> <user> # Add existing user to group (Debian)

# groupmod -A <user> <group> # Add existing user to group (SuSE)

# userdel colin # Delete user colin (Linux/Solaris)

# adduser joe # FreeBSD add user joe (interactive)

# rmuser joe # FreeBSD delete user joe (interactive)

# pw groupadd admin # Use pw on FreeBSD

# pw groupmod admin -m newmember # Add a new member to a group

# pw useradd colin -c “Colin Barschel” -g admin -m -s /bin/tcsh

# pw userdel colin; pw groupdel admin

add user to root

pw usermod XXXX -G wheel

No login

# echo “Sorry no login now” > /var/run/nologin # (FreeBSD)

Per user/process

Login users and applications can be configured in /etc/security/limits.conf. For example:

# cat /etc/security/limits.conf

* hard nproc 250 # Limit user processes

asterisk hard nofile 409600 # Limit application open files

System wide

Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.

# sysctl -a # View all system limits

# sysctl kern.maxfiles=XXXX # maximum number of file descriptors

kern.ipc.nmbclusters=32768 # Permanent entry in /etc/sysctl.conf

kern.maxfiles=65536 # Typical values for Squid

kern.maxfilesperproc=32768

kern.ipc.somaxconn=8192 # TCP queue. Better for apache/sendmail

# sysctl kern.openfiles # How many file descriptors are in use

# sysctl kern.ipc.numopensockets # How many open sockets are in use

# sysctl -w net.inet.ip.portrange.last=50000 # Default is 1024-5000

# netstat -m # network memory buffers statistics

SysV

# /etc/rc.d/sshd status

sshd is running as pid 552.

# shutdown now # Go into single-user mode

# exit # Go back to multi-user mode

# shutdown -p now # Shutdown and halt the system

# shutdown -r now # Reboot

Reset root password

FreeBSD

On FreeBSD, boot in single user mode, remount / rw and use passwd. You can select the single user mode on the boot menu (option 4) which is displayed for 10 seconds at startup. The single user mode will give you a root shell on the / partition.

# mount -u /; mount -a # will mount / rw

# passwd

# reboot

Unixes and FreeBSD and Linux

Other Unixes might not let you go away with the simple init trick. The solution is to mount the root partition from an other OS (like a rescue CD) and change the password on the disk.

* Boot a live CD or installation CD into a rescue mode which will give you a shell.